<?
include('sys/init.php');

$current_user = hello();

$what = (isset($_POST['what'])) ? $_POST['what'] : '';

$can_edit   = check_user_right('sections', 'edit_users', $current_user['rights']);
$can_remove = check_user_right('sections', 'remove_users',  $current_user['rights']);


////////////////////////////////////////////////////////////////////////////////


// Now we show user-edit form

if($what=='edituser' && isset($_POST['uid']))
{
   $uid = justdigs($_POST['uid']);
   
   if($uid != $current_user['id'] && !$can_edit) die('oops!');
   
   if( !($uid>=0)) die('Error: No such user.');

   if($uid>0) $user = get_user_and_his_rights($uid); // olduser
   else $user = new_user_array();                    // newuser
   
   print html_edit_user_form($user, $current_user);
}

//------------------------------------------------------------------------------
//------------------------------------------------------------------------------


// And now we store new information

elseif( $what=='afteredit' && isset($_POST['userid']))
{
   $user['id'] = justdigs($_POST['userid']);
   
   if($user['id'] != $current_user['id'] && !$can_edit) die('oops!');


   //---------------------------------------------------------------------------
   // login

   $isolduser = ( $user['id']>0 );

   $user['login'] = isset($_POST['userlogin']) ? check_login($_POST['userlogin'], $isolduser) : '';

   if(!$user['login']) go_back();
   
   
   //---------------------------------------------------------------------------
   // level
   
   $old_level = justdigs($_POST['oldlvl']);
   
   $user['level_id'] = isset($_POST['userlevel']) ? justdigs($_POST['userlevel']) : false;

   if( !$user['level_id'] > 0 || get_userlevel($user['level_id']) > $current_user['level'] || get_userlevel($old_level) > $current_user['level'] ) unset($user['level_id']);


   //---------------------------------------------------------------------------
   // name

   $user['name']  = check_name($_POST['username'], 'and check length, pls');
   
   if(!$user['name']) go_back();
   
   
   //---------------------------------------------------------------------------
   // misc

   $user['email']    = (isset($_POST['useremail']))   ? check_email($_POST['useremail']) : '';
   $user['comment']  = (isset($_POST['usercomment'])) ? justwords($_POST['usercomment']) : '';
   $user['ban']      = (isset($_POST['userlock']) && $_POST['userlock'] == 1) ? 1 : 0;
   
   
   //---------------------------------------------------------------------------
   // passw

   $oldpass = isset($_POST['oldpass']) ? preg_replace('/[^0-9a-f]/i', '', $_POST['oldpass']) : '';
   $newpass = $_POST['userpass'];
   
   if( $newpass == '') $newpass = $oldpass;

   if( strlen($oldpass)<4 && strlen($newpass)<4 ) die('wrong password!');

   $user['pass'] = ($oldpass == $newpass) ? $oldpass : md5($newpass);
   
   
   //---------------------------------------------------------------------------
   // ok, now let's store user info.
   
   $res = edit_user_info($user);
   
   if($res=='error') die("can't store user info!!");


   if($user['id'] == 0) $user = get_user(0, $user['login']); // when new user

   if( isset($_POST['rights']) )
                  edit_user_rights($user['id'], $_POST['rights'], $current_user); // rights-checker is built in this function.s
   
   
   header('Location:'._basedomain.'/users/'.$user['login']);
}

elseif( $what=='removeuser' && isset($_POST['uid']) && $can_remove)
{
   $uid = justdigs($_POST['uid']);
   
   if( remove_user($uid) ) die('deleted'.$uid);
   else die('oops!');
}

// what else?

else die('what?..');






























?>
